Internet Explorer 8
. Internet Explorer 7 on Windows Server 2003 sp2 if
Protected Mode is OFF and not using Enhanced Security Configuration
. Internet Explorer 7 on Windows Server 2008
if Protected Mode is OFF and
not using Enhanced Security Configuration
. Internet Explorer 8 on Windows XP sp2
. Internet Explorer 8 on Windows XP sp3
. Internet Explorer 8 on Windows Vista sp1
if Protected Mode is OFF
. Internet Explorer 8 on Windows Vista sp2
if Protected Mode is OFF
Opera
-----------------------------
URL: http://websecurity.com.ua/4248/
-----------------------------
Affected products: Mozilla Firefox, Internet Explorer 6, Internet Explorer
8, Google Chrome, Opera.
-----------------------------
Timeline:
26.05.2010 - found vulnerabilities.
26.05.2010 - informed developers: Mozilla, Microsoft, Google and Opera.
------------------------------------------------------------------------
Tested version
------------------------------------------------------------------------
This issue was tested on Akamai Download Manager version 2.2.4.8 using
Windows XP SP3 running Internet Explorer 6, 7 & 8 and Windows Vista
running Internet Explorer 8.
------------------------------------------------------------------------
Fix
------------------------------------------------------------------------
Akamai reports that this vulnerability should have been fixed in version
Target Domain - 50webs.com
If you don’t remember, there was an important XSS vulnerability reported in all major browsers a while ago - IE7, Firefox and Opera. More information is available in the Secunia advisories http://secunia.com/advisories/search/?search=utf-7+charset+inheritance. The vulnerability was that if you don’t specify a charset in your application page, then it is susceptible to inherit the charset in the parent page via iframes. So, if you accidentally land on an evil site, an attacker might be able to steal your application session since your usual XSS prevention stuff [<,>,",',etc] will not filter the utf-7 encoded chars and XSS will execute in your vulnerable domain. Proof of Concept that works in IE7 but not in IE8 -
http://www.securethoughts.com/security/ie8utf7/ie7utf-7.html
This vulnerability was patched in Firefox 2.0.0.2, Opera 9.20 and recently in Internet Explorer 8. Ideally, we should not be vulnerable to this attack anymore. However, I have found a way to attack the fix that was done in Internet Explorer 8. I have tested it working with IE8 RC1 and final release version IE8.0.6001.18702. I call this a “Local Redirection Attack”.
The attack works as follows:
1. You are authenticated to vulnerable domain e.g. 50webs.com.
IE will fail to load all
subsequent images after an attempt to load the malicious PNG file.
*Detection:*
SecNiche confirmed this vulnerability affects Internet Explorer 7 and
Internet Explorer 8 Beta
on the Microsoft Windows XP SP2 platform. The versions tested are:
7.0.5730
8.0.6001
ZDI-09-041: Microsoft Internet Explorer 8 Rows Property Dangling Pointer
Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-09-041
June 10, 2009
-- CVE ID:
CVE-2009-1532
-- Affected Vendors:
Microsoft
There is a vulnerability in Internet Explorer which enables execution
of arbitrary code if the user visits a web page controlled by the
attacker. The vulnerability is caused by incorrectly validating
integer parameter passed to the 'add' method of the Select HTML
element. This vulnerability has been observed in Internet Explorer 8.
The vulnerability has been patched by Microsoft on October 11, 2011.
II. THE BUG
The bug is caused by incorrectly validating integer parameter passed
Opera
-----------------------------
URL: http://websecurity.com.ua/4238/
-----------------------------
Affected products: Mozilla Firefox, Internet Explorer 6, Internet Explorer
8, Google Chrome, Opera.
-----------------------------
Timeline:
26.05.2010 - found vulnerabilities.
26.05.2010 - informed developers: Mozilla, Microsoft, Google and Opera.
and other browsers
-----------------------------
URL: http://websecurity.com.ua/4206/
-----------------------------
Affected products: Mozilla Firefox, Internet Explorer 6, Internet Explorer
8, Google Chrome, Opera and other browsers.
-----------------------------
Timeline:
16.05.2010 - found vulnerability.
17.05.2010 - disclosed at my site.
C:\> c:\windows\pchealth\helpctr\binaries\helpctr.exe -url "hcp://system/sysinfo/sysinfomain.htm?svr=<script defer>eval(unescape('Run%28%22calc.exe%22%29'))</script>"
C:\>
While this is fun, this isn't a vulnerability unless an untrusted third party
can force you to access it. Testing suggests that by default, accessing an
hcp:// URL from within Internet Explorer >= 8, Firefox, Chrome (and presumably
other browsers) will result in a prompt. Although most users will click through
this prompt (perfectly reasonable, protocol handlers are intended to be safe),
it's not a particularly exciting attack.
I've found a way to avoid the prompt in a default Windows XP installation in all
-------------------------
Affected products:
-------------------------
Vulnerable versions are Internet Explorer 6 (6.0.2900.2180), Internet
Explorer 7 (7.00.5730.13), Internet Explorer 8 (8.00.6001.18702) and
previous versions.
----------
Details:
----------
Our advanced binary planting research goes on... and it's time to reveal some
interesting hacks, for instance how to exploit binary planting (or DLL hijacking, if
you prefer the less suitable term) to execute remote malicious code through Internet
Explorer 9 in protected mode on Windows 7 - without issuing any security warnings. Or
how to do the same in Internet Explorer 8 on Windows XP, only even more stealthy.
The crux is described in our blog post:
http://blog.acrossecurity.com/2011/05/silently-pwning-protected-mode-ie9-and.html or
http://bit.ly/im6LcD,
-- Affected Vendors:
Microsoft
-- Affected Products:
Microsoft Internet Explorer 8
-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital Vaccine protection filter ID 11266.
For further product information on the TippingPoint IPS, visit:
I've tested this DoS on Internet Explorer 8, does not significantly impact my system.
-----Original Message-----
From: MustLive [mailto:mustlive@websecurity.com.ua]
Sent: Sunday, July 19, 2009 10:33 AM
To: bugtraq@securityfocus.com
Subject: DoS vulnerabilities in Firefox, Internet Explorer, Opera and Chrome
Hello Bugtraq!
Microsoft
-- Affected Products:
Microsoft Internet Explorer 6
Microsoft Internet Explorer 7
Microsoft Internet Explorer 8
-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital Vaccine protection filter ID 8653.
For further product information on the TippingPoint IPS, visit:
-- Affected Vendors:
Microsoft
-- Affected Products:
Microsoft Internet Explorer 7
Microsoft Internet Explorer 8
-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital Vaccine protection filter ID 9429.
For further product information on the TippingPoint IPS, visit:
>>> -----------------------------
>>> URL: http://websecurity.com.ua/4238/
>>> -----------------------------
>>> Affected products: Mozilla Firefox, Internet Explorer 6, Internet
>>> Explorer
>>> 8, Google Chrome, Opera.
>>> -----------------------------
>>> Timeline:
>>>
>>> 26.05.2010 - found vulnerabilities.
>>> 26.05.2010 - informed developers: Mozilla, Microsoft, Google and Opera.
Oracle Hyperion Financial Management TList6 ActiveX Control Remote Code Execution Vulnerability
tested against: Internet Explorer 8
Microsoft Windows Server 2003 r2 sp2
download url:
http://www.oracle.com/technetwork/middleware/epm/downloads/index.html
files tested:
SystemInstaller-11121-win32.zip
CVE: CVE-2011-1252
Introduction
-------------
The JavaScript function toStaticHTML, which is found in Internet Explorer 8 and Internet Explorer 9, is used to sanitize HTML fragments from dynamic and potentially malicious content.
If an attacker can manage to pass malicious code through this function, s/he may be able to perform HTML injection based attacks (such as XSS).
Vulnerability
-------------
An attacker can create a specially formed CSS that after passing through the toStaticHTML function will contain an expression that will trigger a JavaScript call.
-- Affected Vendors:
Microsoft
-- Affected Products:
Microsoft Internet Explorer 7
Microsoft Internet Explorer 8
-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital Vaccine protection filter ID 9315.
For further product information on the TippingPoint IPS, visit:
Microsoft
-- Affected Products:
Microsoft Internet Explorer 6
Microsoft Internet Explorer 7
Microsoft Internet Explorer 8
-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital Vaccine protection filter ID 8654.
For further product information on the TippingPoint IPS, visit:
<!--
Megacubo 5.0.7 (mega://) remote eval() injection exploit
by Nine:Situations:Group::pyrokinesis
site: http://retrogod.altervista.org/
tested against Internet Explorer 8 beta 2/xp sp 3
software site: http://www.megacubo.net/tv/
download url: http://sourceforge.net/project/showfiles.php?group_id=231636&package_id=280849&release_id=608023
description:
>>> -----------------------------
>>> URL: http://websecurity.com.ua/4206/
>>> -----------------------------
>>> Affected products: Mozilla Firefox, Internet Explorer 6, Internet
>>> Explorer
>>> 8, Google Chrome, Opera and other browsers.
>>> -----------------------------
>>> Timeline:
>>>
>>> 16.05.2010 - found vulnerability.
>>> 17.05.2010 - disclosed at my site.
Presentations:
- Delivering Identity Management 2.0 by Leveraging OPSS
- Bluepilling the Xen Hypervisor
- Pass the Hash Toolkit for Windows
- Internet Explorer 8 - Trustworthy Engineering and Browsing
- Full Process Reconstitution from Memory
- Hacking Internet Kiosks
- Analysis and Visualization of Common Packers
- A Fox in the Hen House - UPnP IGD
- MoocherHunting
==================
Technical Details:
==================
Successfully tested with Internet Explorer 8
http://<target>/serendipity/serendipity_admin?serendipity[adminModule]=event_display&serendipity[adminAction]=karmalog&serendipity[adminAction]=karmalog&serendipity[adminModule]=event_display&serendipity[filter][entryid]=' stYle='x:expre/**/ssion(alert(document.cookie)) &serendipity[filter][ip]=3&serendipity[filter][title]=3&serendipity[filter][user_agent]=3&serendipity[sort][order]=votetime&serendipity[sort][ordermode]=DESC&submit=-+Go!+-
http://<target>/serendipity/serendipity_admin?serendipity[adminModule]=event_display&serendipity[adminAction]=karmalog&serendipity[adminAction]=karmalog&serendipity[adminModule]=event_display&serendipity[filter][entryid]=3&serendipity[filter][ip]=' stYle='x:expre/**/ssion(alert(document.cookie)) &serendipity[filter][title]=3&serendipity[filter][user_agent]=3&serendipity[sort][order]=votetime&serendipity[sort][ordermode]=DESC&submit=-+Go!+-
Sent: Monday, July 20, 2009 10:16 PM
Subject: RE: DoS vulnerabilities in Firefox, Internet Explorer, Opera and
Chrome
> I've tested this DoS on Internet Explorer 8, does not significantly impact
> my system.
>
> -----Original Message-----
> From: MustLive [mailto:mustlive@websecurity.com.ua]
> Sent: Sunday, July 19, 2009 10:33 AM
III. AFFECTED PRODUCTS
---------------------------
Microsoft Internet Explorer 8
Microsoft Internet Explorer 7
Microsoft Internet Explorer 6
On Windows 7, Windows 2008, Windows 2003, Windows Vista, and Windows XP
http://www.tippingpoint.com
-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Microsoft Internet Explorer 8. User
interaction is required to exploit this vulnerability in that the target
must visit a malicious page or open a malicious file.
The specific flaw exists within how the application verifies arguments
for a certain operation performed on an element. When parsing one of the
III. AFFECTED PRODUCTS
---------------------------
Microsoft Internet Explorer 9
Microsoft Internet Explorer 8
Microsoft Internet Explorer 7
Microsoft Internet Explorer 6
Microsoft Windows 7 for x64-based Systems Service Pack 1
Microsoft Windows 7 for x64-based Systems
-- Affected Vendors:
Microsoft
-- Affected Products:
Microsoft Internet Explorer 9
Microsoft Internet Explorer 8
-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital Vaccine protection filter ID 11272.
For further product information on the TippingPoint IPS, visit: